alienbot | 25f8c85774f2c0cfb7122f2a1de2301498c70c239a42d0cd9399c904c22a35b9

Analysis

max time kernel
3843698s
max time network
155s
platform
android_x64
resource
android-x64-arm64-20220310-en
submitted
21-05-2022 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25f8c85774f2c0cfb7122f2a1de2301498c70c239a42d0cd9399c904c22a35b9.apk
Size

1.4MB
MD5

7557a88cf8e930d33675a1cf2a3ca0f0
SHA1

dff8dd372f1d3137bb41820f89b67acecb7204c1
SHA256

25f8c85774f2c0cfb7122f2a1de2301498c70c239a42d0cd9399c904c22a35b9
SHA512

3d8214805293c47ed91b40653619396d1a82a9310a27c7979723a0f3b5d7d67c198802f534ba98ac882d5090c9913b7e930335edf13a7a4a658c8cdb9d4feed8

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

http://alskdalksdlaksdjlaigpopoinojasg.info/

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph

ioc	pid	process
/data/user/0/ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph/app_DynamicOptDex/qUbuD.json	6948	ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph
/data/user/0/ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph/app_DynamicOptDex/qUbuD.json	6948	ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph

ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:6948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph/app_DynamicOptDex/oat/qUbuD.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph/app_DynamicOptDex/qUbuD.json
Filesize
730KB

MD5
f57737c363419720b82c569be6a9cb04

SHA1
38816a25583a52ca3f5eb305acdd91be887376e3

SHA256
9f24e342bf3cc2b35e7fef63d682515a01193789acffe79ac74a62fb6e41d298

SHA512
73370947343d3331d14c0e5c2b061db982a66c5ff556e2a5d2f3ca02e63b5f913191c7983f83b0fa43c0669ff1ae6fb59ae17db6a0af59a41efdc8a97f59bf23

Download Submit
/data/user/0/ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph/app_DynamicOptDex/qUbuD.json
Filesize
730KB

MD5
bea1a26accb85be002f29ca8bed94444

SHA1
a27216ece47a8cc87c99855e40b3dbb0bfd659b5

SHA256
4f8b45eb438098549b76367305f5701ef53d467647d3479431771f1f767fb61b

SHA512
567770506afeba0ed5301e86983e94c627f752c1300ef60459ec11e8d652ebb51a8a008ee4e12a872f6adafd5b29cba1abf28780a76b28bbeefc3a668f8e1fcb

Download Submit
/data/user/0/ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph/app_DynamicOptDex/qUbuD.json
Filesize
730KB

MD5
bea1a26accb85be002f29ca8bed94444

SHA1
a27216ece47a8cc87c99855e40b3dbb0bfd659b5

SHA256
4f8b45eb438098549b76367305f5701ef53d467647d3479431771f1f767fb61b

SHA512
567770506afeba0ed5301e86983e94c627f752c1300ef60459ec11e8d652ebb51a8a008ee4e12a872f6adafd5b29cba1abf28780a76b28bbeefc3a668f8e1fcb

Download Submit